1 /* $OpenBSD: hci_event.c,v 1.6 2007/10/01 16:39:30 krw Exp $ */
2 /* $NetBSD: hci_event.c,v 1.6 2007/04/21 06:15:23 plunky Exp $ */
3 /* $DragonFly: src/sys/netbt/hci_event.c,v 1.1 2007/12/30 20:02:56 hasso Exp $ */
6 * Copyright (c) 2005 Iain Hibbert.
7 * Copyright (c) 2006 Itronix Inc.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The name of Itronix Inc. may not be used to endorse
19 * or promote products derived from this software without specific
20 * prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
25 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
26 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
29 * ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
35 #include <sys/cdefs.h>
37 #include <sys/param.h>
38 #include <sys/kernel.h>
39 #include <sys/malloc.h>
42 #include <sys/systm.h>
43 #include <sys/endian.h>
46 #include <netbt/bluetooth.h>
47 #include <netbt/hci.h>
48 #include <netbt/sco.h>
/*
 * Forward declarations. The hci_event_*() functions each handle one HCI
 * event code and are reached from hci_event(); the hci_cmd_*() functions
 * post-process the return parameters of individual commands and are
 * called from hci_event_command_compl(). All of them take the owning
 * unit and the event mbuf.
 */
50 static void hci_event_inquiry_result(struct hci_unit *, struct mbuf *);
51 static void hci_event_command_status(struct hci_unit *, struct mbuf *);
52 static void hci_event_command_compl(struct hci_unit *, struct mbuf *);
53 static void hci_event_con_compl(struct hci_unit *, struct mbuf *);
54 static void hci_event_discon_compl(struct hci_unit *, struct mbuf *);
55 static void hci_event_con_req(struct hci_unit *, struct mbuf *);
56 static void hci_event_num_compl_pkts(struct hci_unit *, struct mbuf *);
57 static void hci_event_auth_compl(struct hci_unit *, struct mbuf *);
58 static void hci_event_encryption_change(struct hci_unit *, struct mbuf *);
59 static void hci_event_change_con_link_key_compl(struct hci_unit *, struct mbuf *);
60 static void hci_cmd_read_bdaddr(struct hci_unit *, struct mbuf *);
61 static void hci_cmd_read_buffer_size(struct hci_unit *, struct mbuf *);
62 static void hci_cmd_read_local_features(struct hci_unit *, struct mbuf *);
63 static void hci_cmd_reset(struct hci_unit *, struct mbuf *);
65 #ifdef BLUETOOTH_DEBUG
/* Debug level, initialised from the BLUETOOTH_DEBUG build option. */
66 int bluetooth_debug = BLUETOOTH_DEBUG;
/*
 * Printable names for HCI event codes, used only for debug output via
 * hci_eventstr(). Per the code comments on each entry, the array index
 * is meant to equal the event code.
 *
 * NOTE(review): this listing shows the table starting at 0x01; the
 * index == code mapping only holds if an entry for 0x00 precedes it.
 * Confirm against the complete file before adding or reordering entries.
 */
68 static const char *hci_eventnames[] = {
70 /* 0x01 */ "INQUIRY COMPLETE",
71 /* 0x02 */ "INQUIRY RESULT",
72 /* 0x03 */ "CONN COMPLETE",
73 /* 0x04 */ "CONN REQ",
74 /* 0x05 */ "DISCONN COMPLETE",
75 /* 0x06 */ "AUTH COMPLETE",
76 /* 0x07 */ "REMOTE NAME REQ COMPLETE",
77 /* 0x08 */ "ENCRYPTION CHANGE",
78 /* 0x09 */ "CHANGE CONN LINK KEY COMPLETE",
79 /* 0x0a */ "MASTER LINK KEY COMPLETE",
80 /* 0x0b */ "READ REMOTE FEATURES COMPLETE",
81 /* 0x0c */ "READ REMOTE VERSION INFO COMPLETE",
82 /* 0x0d */ "QoS SETUP COMPLETE",
83 /* 0x0e */ "COMMAND COMPLETE",
84 /* 0x0f */ "COMMAND STATUS",
85 /* 0x10 */ "HARDWARE ERROR",
86 /* 0x11 */ "FLUSH OCCUR",
87 /* 0x12 */ "ROLE CHANGE",
88 /* 0x13 */ "NUM COMPLETED PACKETS",
89 /* 0x14 */ "MODE CHANGE",
90 /* 0x15 */ "RETURN LINK KEYS",
91 /* 0x16 */ "PIN CODE REQ",
92 /* 0x17 */ "LINK KEY REQ",
93 /* 0x18 */ "LINK KEY NOTIFICATION",
94 /* 0x19 */ "LOOPBACK COMMAND",
95 /* 0x1a */ "DATA BUFFER OVERFLOW",
96 /* 0x1b */ "MAX SLOT CHANGE",
97 /* 0x1c */ "READ CLOCK OFFSET COMPLETE",
98 /* 0x1d */ "CONN PKT TYPE CHANGED",
99 /* 0x1e */ "QOS VIOLATION",
100 /* 0x1f */ "PAGE SCAN MODE CHANGE",
101 /* 0x20 */ "PAGE SCAN REP MODE CHANGE",
102 /* 0x21 */ "FLOW SPECIFICATION COMPLETE",
103 /* 0x22 */ "RSSI RESULT",
104 /* 0x23 */ "READ REMOTE EXT FEATURES"
/*
 * Return a printable name for an HCI event code (debug builds only).
 *
 * The event code is a byte taken from the received packet, so it is
 * bounds-checked against the element count of hci_eventnames before it
 * is used as an index. A few codes above the table are named one by
 * one; anything else yields "UNRECOGNISED".
 */
108 hci_eventstr(unsigned int event)
/* Element-count bound: an out-of-range code never indexes the table. */
111 if (event < (sizeof(hci_eventnames) / sizeof(*hci_eventnames)))
112 return hci_eventnames[event];
/* Sparse codes beyond the end of the contiguous table. */
115 case HCI_EVENT_SCO_CON_COMPL: /* 0x2c */
116 return "SCO CON COMPLETE";
118 case HCI_EVENT_SCO_CON_CHANGED: /* 0x2d */
119 return "SCO CON CHANGED";
121 case HCI_EVENT_BT_LOGO: /* 0xfe */
124 case HCI_EVENT_VENDOR: /* 0xff */
128 return "UNRECOGNISED";
130 #endif /* BLUETOOTH_DEBUG */
135 * We will free the mbuf at the end, no need for any sub
136 * functions to handle that. We kind of assume that the
137 * device sends us valid events.
138 * XXX "kind of"? This needs to be fixed.
/*
 * Entry point for a received HCI event packet: copy out and strip the
 * event header, then pass the remaining parameters to the handler for
 * that event code.
 *
 * NOTE(review): the only length and type validation visible here is
 * KKASSERT. Event bytes are produced by the controller, and many fields
 * relay what a remote device sent, so they are untrusted input. A short
 * or malformed event should be rejected by a run-time comparison against
 * m->m_pkthdr.len (drop the packet and return) rather than asserted:
 * depending on how KKASSERT is built, a failed assertion is either a
 * kernel panic or no check at all. The same applies to every handler in
 * this file that asserts sizeof(ep) or sizeof(rp).
 */
141 hci_event(struct mbuf *m, struct hci_unit *unit)
/* m_pkthdr.len is relied on below, so a packet-header mbuf is required. */
145 KKASSERT(m->m_flags & M_PKTHDR);
/* Asserted, not checked: see the NOTE above. */
147 KKASSERT(m->m_pkthdr.len >= sizeof(hdr));
148 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);
149 m_adj(m, sizeof(hdr));
/* The packet type is likewise only asserted. */
151 KKASSERT(hdr.type == HCI_EVENT_PKT);
153 DPRINTFN(1, "(%s) event %s\n", unit->hci_devname, hci_eventstr(hdr.event));
/*
 * Events with a kernel-side handler. The case labels are HCI_EVENT_*
 * codes; the switch line is not part of this listing, presumably it
 * switches on hdr.event. Handlers see the mbuf with the header already
 * removed by the m_adj() above.
 */
156 case HCI_EVENT_COMMAND_STATUS:
157 hci_event_command_status(unit, m);
160 case HCI_EVENT_COMMAND_COMPL:
161 hci_event_command_compl(unit, m);
164 case HCI_EVENT_NUM_COMPL_PKTS:
165 hci_event_num_compl_pkts(unit, m);
168 case HCI_EVENT_INQUIRY_RESULT:
169 hci_event_inquiry_result(unit, m);
172 case HCI_EVENT_CON_COMPL:
173 hci_event_con_compl(unit, m);
176 case HCI_EVENT_DISCON_COMPL:
177 hci_event_discon_compl(unit, m);
180 case HCI_EVENT_CON_REQ:
181 hci_event_con_req(unit, m);
184 case HCI_EVENT_AUTH_COMPL:
185 hci_event_auth_compl(unit, m);
188 case HCI_EVENT_ENCRYPTION_CHANGE:
189 hci_event_encryption_change(unit, m);
192 case HCI_EVENT_CHANGE_CON_LINK_KEY_COMPL:
193 hci_event_change_con_link_key_compl(unit, m);
/*
 * Recognised event codes for which no handler call is visible in this
 * listing (link key and PIN code requests among them).
 */
196 case HCI_EVENT_SCO_CON_COMPL:
197 case HCI_EVENT_INQUIRY_COMPL:
198 case HCI_EVENT_REMOTE_NAME_REQ_COMPL:
199 case HCI_EVENT_MASTER_LINK_KEY_COMPL:
200 case HCI_EVENT_READ_REMOTE_FEATURES_COMPL:
201 case HCI_EVENT_READ_REMOTE_VER_INFO_COMPL:
202 case HCI_EVENT_QOS_SETUP_COMPL:
203 case HCI_EVENT_HARDWARE_ERROR:
204 case HCI_EVENT_FLUSH_OCCUR:
205 case HCI_EVENT_ROLE_CHANGE:
206 case HCI_EVENT_MODE_CHANGE:
207 case HCI_EVENT_RETURN_LINK_KEYS:
208 case HCI_EVENT_PIN_CODE_REQ:
209 case HCI_EVENT_LINK_KEY_REQ:
210 case HCI_EVENT_LINK_KEY_NOTIFICATION:
211 case HCI_EVENT_LOOPBACK_COMMAND:
212 case HCI_EVENT_DATA_BUFFER_OVERFLOW:
213 case HCI_EVENT_MAX_SLOT_CHANGE:
214 case HCI_EVENT_READ_CLOCK_OFFSET_COMPL:
215 case HCI_EVENT_CON_PKT_TYPE_CHANGED:
216 case HCI_EVENT_QOS_VIOLATION:
217 case HCI_EVENT_PAGE_SCAN_MODE_CHANGE:
218 case HCI_EVENT_PAGE_SCAN_REP_MODE_CHANGE:
219 case HCI_EVENT_FLOW_SPECIFICATION_COMPL:
220 case HCI_EVENT_RSSI_RESULT:
221 case HCI_EVENT_READ_REMOTE_EXTENDED_FEATURES:
222 case HCI_EVENT_SCO_CON_CHANGED:
223 case HCI_EVENT_BT_LOGO:
224 case HCI_EVENT_VENDOR:
238 * Update our record of num_cmd_pkts then post-process any pending commands
239 * and optionally restart cmd output on the unit.
/*
 * Handle a Command Status event: record the controller's command credit
 * count, clean up after a failed Create_Connection, then push out any
 * commands that were waiting for credit.
 */
242 hci_event_command_status(struct hci_unit *unit, struct mbuf *m)
244 hci_command_status_ep ep;
245 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
247 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
248 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
249 m_adj(m, sizeof(ep));
251 DPRINTFN(1, "(%s) opcode (%03x|%04x) status = 0x%x num_cmd_pkts = %d\n",
253 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)),
/* Credit count is taken verbatim from the event. */
257 unit->hci_num_cmd_pkts = ep.num_cmd_pkts;
260 * post processing of pending commands
262 switch(letoh16(ep.opcode)) {
263 case HCI_CMD_CREATE_CON:
/*
 * 0x12 is presumably matched against ep.status (that line is not in
 * this listing). In that case every ACL link still in WAIT_CONNECT is
 * freed with ECONNABORTED; the loop re-runs the lookup each time
 * because hci_link_free() is expected to take the link out of that
 * state.
 */
265 case 0x12: /* Invalid HCI command parameters */
266 DPRINTF("(%s) Invalid HCI command parameters\n",
268 while ((link = hci_link_lookup_state(unit,
269 HCI_LINK_ACL, HCI_LINK_WAIT_CONNECT)) != NULL)
270 hci_link_free(link, ECONNABORTED);
/*
 * Restart command output while credit remains. Note that m is reused
 * for the dequeued command mbuf from here on; it no longer refers to
 * the event packet.
 */
278 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) {
279 IF_DEQUEUE(&unit->hci_cmdwait, m);
280 hci_output_cmd(unit, m);
287 * Update our record of num_cmd_pkts then handle the completed command,
288 * and optionally restart cmd output on the unit.
/*
 * Handle a Command Complete event: record the controller's command
 * credit count, pass the return parameters to the post-processor for
 * the completed opcode, then push out any commands that were waiting
 * for credit.
 */
291 hci_event_command_compl(struct hci_unit *unit, struct mbuf *m)
293 hci_command_compl_ep ep;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
295 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
296 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
297 m_adj(m, sizeof(ep));
299 DPRINTFN(1, "(%s) opcode (%03x|%04x) num_cmd_pkts = %d\n",
301 HCI_OGF(letoh16(ep.opcode)), HCI_OCF(letoh16(ep.opcode)),
/* Credit count is taken verbatim from the event. */
304 unit->hci_num_cmd_pkts = ep.num_cmd_pkts;
307 * post processing of completed commands
309 switch(letoh16(ep.opcode)) {
/*
 * After the m_adj() above, m starts at the command's return
 * parameters, which is what the hci_cmd_*() helpers parse.
 */
310 case HCI_CMD_READ_BDADDR:
311 hci_cmd_read_bdaddr(unit, m);
314 case HCI_CMD_READ_BUFFER_SIZE:
315 hci_cmd_read_buffer_size(unit, m);
318 case HCI_CMD_READ_LOCAL_FEATURES:
319 hci_cmd_read_local_features(unit, m);
/* The case label for this call is not in the listing; presumably the reset opcode. */
323 hci_cmd_reset(unit, m);
/*
 * Restart command output while credit remains. m is reused for the
 * dequeued command mbuf from here on.
 */
330 while (unit->hci_num_cmd_pkts > 0 && !IF_QEMPTY(&unit->hci_cmdwait)) {
331 IF_DEQUEUE(&unit->hci_cmdwait, m);
332 hci_output_cmd(unit, m);
337 * Number of Completed Packets
339 * This is sent periodically by the Controller telling us how many
340 * buffers are now freed up and which handle was using them. From
341 * this we determine which type of buffer it was and add the qty
342 * back into the relevant packet counter, then restart output on
343 * links that have halted.
/*
 * Handle a Number Of Completed Packets event: walk the (handle, count)
 * pairs that follow the fixed header, credit each known link, add the
 * totals back to the unit's ACL/SCO buffer counters and restart output
 * on links that have data queued.
 */
346 hci_event_num_compl_pkts(struct hci_unit *unit, struct mbuf *m)
348 hci_num_compl_pkts_ep ep;
349 struct hci_link *link, *next;
350 uint16_t handle, num;
351 int num_acl = 0, num_sco = 0;
/* NOTE(review): asserted only, and this covers just the fixed header. */
353 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
354 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
355 m_adj(m, sizeof(ep));
/*
 * NOTE(review): num_con_handles comes from the event, and no visible
 * check ties it to the bytes left in the mbuf. Each iteration consumes
 * sizeof(handle) + sizeof(num) bytes, so the remaining m->m_pkthdr.len
 * should be compared against that (before the loop or per iteration)
 * and the event dropped when it is short. How m_copydata() behaves on
 * an over-long request is not shown here; do not rely on it being
 * recoverable.
 */
357 while (ep.num_con_handles--) {
358 m_copydata(m, 0, sizeof(handle), (caddr_t)&handle);
359 m_adj(m, sizeof(handle));
360 handle = letoh16(handle);
362 m_copydata(m, 0, sizeof(num), (caddr_t)&num);
363 m_adj(m, sizeof(num));
/*
 * NOTE(review): other handlers in this file apply HCI_CON_HANDLE()
 * before hci_link_lookup_handle(); here the byte-swapped 16-bit value
 * is used directly. Confirm that is intended. The unknown-handle
 * message below implies the lookup result is NULL-checked on a line
 * that is not part of this listing.
 */
366 link = hci_link_lookup_handle(unit, handle);
368 if (link->hl_type == HCI_LINK_ACL) {
370 hci_acl_complete(link, num);
373 hci_sco_complete(link, num);
376 /* XXX need to issue Read_Buffer_Size or Reset? */
377 kprintf("%s: unknown handle %d! "
378 "(losing track of %d packet buffer%s)\n",
379 unit->hci_devname, handle,
380 num, (num == 1 ? "" : "s"));
385 * Move up any queued packets. When a link has sent data, it will move
386 * to the back of the queue - technically then if a link had something
387 * to send and there were still buffers available it could get started
388 * twice but it seemed more important to to handle higher loads fairly
389 * than worry about wasting cycles when we are not busy.
392 unit->hci_num_acl_pkts += num_acl;
393 unit->hci_num_sco_pkts += num_sco;
/*
 * NOTE(review): the totals added above are device-reported. No cap
 * against the buffer counts learned from Read_Buffer_Size is visible,
 * so an over-reporting controller could inflate the credit counters;
 * consider clamping.
 *
 * next is fetched before the link is serviced, presumably because
 * starting output can move the link within the list (see the comment
 * above about moving to the back of the queue).
 */
395 link = TAILQ_FIRST(&unit->hci_links);
396 while (link && (unit->hci_num_acl_pkts > 0 || unit->hci_num_sco_pkts > 0)) {
397 next = TAILQ_NEXT(link, hl_next);
399 if (link->hl_type == HCI_LINK_ACL) {
400 if (unit->hci_num_acl_pkts > 0 && link->hl_txqlen > 0)
403 if (unit->hci_num_sco_pkts > 0 && link->hl_txqlen > 0)
414 * keep a note of devices seen, so we know which unit to use
415 * on outgoing connections
/*
 * Handle an Inquiry Result event: for each response in the event, find
 * or create the memo for that device address, refresh its timestamp and
 * store the response in it.
 */
418 hci_event_inquiry_result(struct hci_unit *unit, struct mbuf *m)
420 hci_inquiry_result_ep ep;
421 struct hci_memo *memo;
/* NOTE(review): asserted only, and this covers just the fixed header. */
424 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
425 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
426 m_adj(m, sizeof(ep));
428 DPRINTFN(1, "%d response%s\n", ep.num_responses,
429 (ep.num_responses == 1 ? "" : "s"));
/*
 * NOTE(review): num_responses comes from the event and reflects what
 * nearby devices answered. No visible check ensures that
 * num_responses * sizeof(hci_inquiry_response) bytes remain in the
 * mbuf; validate m->m_pkthdr.len before each copy and stop on a short
 * packet.
 */
431 while(ep.num_responses--) {
/* Peek at the address only; the bytes are consumed by the m_adj() after the full response copy below. */
432 m_copydata(m, 0, sizeof(bdaddr_t), (caddr_t)&bdaddr);
434 DPRINTFN(1, "bdaddr %02x:%02x:%02x:%02x:%02x:%02x\n",
435 bdaddr.b[5], bdaddr.b[4], bdaddr.b[3],
436 bdaddr.b[2], bdaddr.b[1], bdaddr.b[0]);
/*
 * Reuse the memo for this address if there is one, otherwise allocate
 * and link a new one (the NULL tests are not part of this listing).
 * NOTE(review): each previously unseen address costs one allocation and
 * the addresses are supplied by remote devices. No cap on the memo list
 * is visible here; confirm that expiry or a limit exists elsewhere,
 * e.g. in hci_memo_find().
 */
438 memo = hci_memo_find(unit, &bdaddr);
440 memo = kmalloc(sizeof(*memo), M_BLUETOOTH,
443 DPRINTFN(0, "out of memo memory!\n");
447 LIST_INSERT_HEAD(&unit->hci_memos, memo, next);
/* Timestamp the sighting and overwrite the stored response. */
450 microtime(&memo->time);
451 m_copydata(m, 0, sizeof(hci_inquiry_response),
452 (caddr_t)&memo->response);
453 m_adj(m, sizeof(hci_inquiry_response));
/* Keep clock_offset in host byte order inside the memo. */
455 memo->response.clock_offset =
456 letoh16(memo->response.clock_offset);
461 * Connection Complete
463 * Sent to us when a connection is made. If there is no link
464 * structure already allocated for this, we must have changed
465 * our mind, so just disconnect.
/*
 * Handle a Connection Complete event: match it to the pending link by
 * address and link type, tear the link down on a failure status,
 * disconnect again if there is no link for it, and otherwise mark the
 * link open and continue ACL or SCO setup.
 */
468 hci_event_con_compl(struct hci_unit *unit, struct mbuf *m)
471 hci_write_link_policy_settings_cp cp;
472 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
475 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
476 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
477 m_adj(m, sizeof(ep));
479 DPRINTFN(1, "(%s) %s connection complete for "
480 "%02x:%02x:%02x:%02x:%02x:%02x status %#x\n",
482 (ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO"),
483 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
484 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
/* The link is looked up by the address and link type reported in the event. */
487 link = hci_link_lookup_bdaddr(unit, &ep.bdaddr, ep.link_type);
/*
 * HCI status codes are grouped here and, judging by the
 * hci_link_free(link, err) call below, translated to an errno value in
 * err; the assignments are not part of this listing.
 */
492 case 0x04: /* "Page Timeout" */
496 case 0x08: /* "Connection Timed Out" */
497 case 0x10: /* "Connection Accept Timeout Exceeded" */
501 case 0x16: /* "Connection Terminated by Local Host" */
510 hci_link_free(link, err);
/*
 * Presumably the no-link path described in the header comment:
 * immediately disconnect the handle the controller just reported.
 * con_handle is passed back exactly as received, with no byte-order
 * conversion.
 */
519 dp.con_handle = ep.con_handle;
520 dp.reason = 0x13; /* "Remote User Terminated Connection" */
522 hci_send_cmd(unit, HCI_CMD_DISCONNECT, &dp, sizeof(dp));
526 /* XXX could check auth_enable here */
/*
 * A non-zero encryption_mode reported by the controller marks the link
 * both authenticated and encrypted.
 */
528 if (ep.encryption_mode)
529 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
531 link->hl_state = HCI_LINK_OPEN;
532 link->hl_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
/*
 * ACL: write the unit's link policy for the new handle, then request
 * any pending link mode changes. hci_acl_linkmode() is reached only
 * when hci_acl_setmode() does not report EINPROGRESS (the early return
 * is not part of this listing).
 */
534 if (ep.link_type == HCI_LINK_ACL) {
535 cp.con_handle = ep.con_handle;
536 cp.settings = htole16(unit->hci_link_policy);
537 err = hci_send_cmd(unit, HCI_CMD_WRITE_LINK_POLICY_SETTINGS,
540 kprintf("%s: Warning, could not write link policy\n",
543 err = hci_acl_setmode(link);
544 if (err == EINPROGRESS)
547 hci_acl_linkmode(link);
/* SCO: notify the upper layer through the protocol's connected callback. */
549 (*link->hl_sco->sp_proto->connected)(link->hl_sco->sp_upper);
554 * Disconnection Complete
556 * This is sent in response to a disconnection request, but also if
557 * the remote device goes out of range.
/*
 * Handle a Disconnection Complete event: find the link for the
 * reported handle and free it.
 */
560 hci_event_discon_compl(struct hci_unit *unit, struct mbuf *m)
562 hci_discon_compl_ep ep;
563 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
565 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
566 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
567 m_adj(m, sizeof(ep));
/* Convert the handle to host order in place; HCI_CON_HANDLE() is applied at the lookup. */
569 ep.con_handle = letoh16(ep.con_handle);
571 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
/*
 * The handle is device-supplied. A NULL test on the lookup result is
 * not part of this listing: confirm that an unknown handle is ignored
 * rather than passed to hci_link_free().
 */
573 link = hci_link_lookup_handle(unit, HCI_CON_HANDLE(ep.con_handle));
575 hci_link_free(link, ENOENT); /* XXX NetBSD used ENOLINK here */
581 * We check upstream for appropriate listeners and accept connections
/*
 * Handle a Connection Request event: ask the ACL or SCO layer whether
 * anything wants a connection from this address, then send
 * Reject_Connection or Accept_Connection accordingly.
 */
585 hci_event_con_req(struct hci_unit *unit, struct mbuf *m)
588 hci_accept_con_cp ap;
589 hci_reject_con_cp rp;
590 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
592 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
593 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
594 m_adj(m, sizeof(ep));
596 DPRINTFN(1, "bdaddr %2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x "
597 "class %2.2x%2.2x%2.2x type %s\n",
598 ep.bdaddr.b[5], ep.bdaddr.b[4], ep.bdaddr.b[3],
599 ep.bdaddr.b[2], ep.bdaddr.b[1], ep.bdaddr.b[0],
600 ep.uclass[0], ep.uclass[1], ep.uclass[2],
601 ep.link_type == HCI_LINK_ACL ? "ACL" : "SCO");
/*
 * Whether to accept is decided by the per-type newconn routine. Any
 * link_type other than ACL is handed to the SCO path.
 */
603 if (ep.link_type == HCI_LINK_ACL)
604 link = hci_acl_newconn(unit, &ep.bdaddr);
606 link = hci_sco_newconn(unit, &ep.bdaddr);
/*
 * Reject path, presumably taken when no link was returned (the test is
 * not part of this listing). The command parameters are zeroed before
 * use so no stale stack bytes are sent to the controller.
 */
609 memset(&rp, 0, sizeof(rp));
610 bdaddr_copy(&rp.bdaddr, &ep.bdaddr);
611 rp.reason = 0x0f; /* Unacceptable BD_ADDR */
613 hci_send_cmd(unit, HCI_CMD_REJECT_CON, &rp, sizeof(rp));
/*
 * Accept path. The role put in the accept command is MASTER when the
 * unit's link policy enables role switch, SLAVE otherwise.
 */
615 memset(&ap, 0, sizeof(ap));
616 bdaddr_copy(&ap.bdaddr, &ep.bdaddr);
617 if (unit->hci_link_policy & HCI_LINK_POLICY_ENABLE_ROLE_SWITCH)
618 ap.role = HCI_ROLE_MASTER;
620 ap.role = HCI_ROLE_SLAVE;
622 hci_send_cmd(unit, HCI_CMD_ACCEPT_CON, &ap, sizeof(ap));
629 * Authentication has been completed on an ACL link. We can notify the
630 * upper layer protocols unless further mode changes are pending.
/*
 * Handle an Authentication Complete event for an ACL link: on success
 * mark the link authenticated and leave WAIT_AUTH, then continue with
 * any remaining link mode changes.
 */
633 hci_event_auth_compl(struct hci_unit *unit, struct mbuf *m)
635 hci_auth_compl_ep ep;
636 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
639 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
640 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
641 m_adj(m, sizeof(ep));
/* Host byte order, then HCI_CON_HANDLE() to extract the handle value. */
643 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
645 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
/* Unknown handles and non-ACL links are filtered here (the early return is not part of this listing). */
647 link = hci_link_lookup_handle(unit, ep.con_handle);
648 if (link == NULL || link->hl_type != HCI_LINK_ACL)
/* HCI_LINK_AUTH is set only when the controller reports status 0. */
651 if (ep.status == 0) {
652 link->hl_flags |= HCI_LINK_AUTH;
654 if (link->hl_state == HCI_LINK_WAIT_AUTH)
655 link->hl_state = HCI_LINK_OPEN;
/*
 * Request any further mode change. hci_acl_linkmode() is reached only
 * when hci_acl_setmode() does not report EINPROGRESS, which matches
 * the header comment about pending mode changes.
 */
657 err = hci_acl_setmode(link);
658 if (err == EINPROGRESS)
662 hci_acl_linkmode(link);
668 * The encryption status has changed. Basically, we note the change
669 * then notify the upper layer protocol unless further mode changes
671 * Note that if encryption gets disabled when it has been requested,
672 * we will attempt to enable it again.. (it's a feature not a bug :)
/*
 * Handle an Encryption Change event for an ACL link: on success update
 * the link's encryption flag from the event, leave WAIT_ENCRYPT, then
 * continue with any remaining link mode changes.
 */
675 hci_event_encryption_change(struct hci_unit *unit, struct mbuf *m)
677 hci_encryption_change_ep ep;
678 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
681 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
682 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
683 m_adj(m, sizeof(ep));
/* Host byte order, then HCI_CON_HANDLE() to extract the handle value. */
685 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
687 DPRINTFN(1, "handle #%d, status=0x%x, encryption_enable=0x%x\n",
688 ep.con_handle, ep.status, ep.encryption_enable);
/* Unknown handles and non-ACL links are filtered here (the early return is not part of this listing). */
690 link = hci_link_lookup_handle(unit, ep.con_handle);
691 if (link == NULL || link->hl_type != HCI_LINK_ACL)
/*
 * The flags change only on status 0. Disabling clears just
 * HCI_LINK_ENCRYPT and leaves HCI_LINK_AUTH set; enabling sets both,
 * i.e. an encrypted link is treated as authenticated.
 */
694 if (ep.status == 0) {
695 if (ep.encryption_enable == 0)
696 link->hl_flags &= ~HCI_LINK_ENCRYPT;
698 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_ENCRYPT);
700 if (link->hl_state == HCI_LINK_WAIT_ENCRYPT)
701 link->hl_state = HCI_LINK_OPEN;
/*
 * Presumably where a requested-but-dropped encryption gets re-enabled,
 * as the header comment describes. hci_acl_linkmode() is reached only
 * when hci_acl_setmode() does not report EINPROGRESS.
 */
703 err = hci_acl_setmode(link);
704 if (err == EINPROGRESS)
708 hci_acl_linkmode(link);
712 * Change Connection Link Key Complete
714 * Link keys are handled in userland but if we are waiting to secure
715 * this link, we should notify the upper protocols. A SECURE request
716 * only needs a single key change, so we can cancel the request.
/*
 * Handle a Change Connection Link Key Complete event for an ACL link:
 * cancel the outstanding SECURE request, on success mark the link
 * authenticated and secure and leave WAIT_SECURE, then continue with
 * any remaining link mode changes.
 */
719 hci_event_change_con_link_key_compl(struct hci_unit *unit, struct mbuf *m)
721 hci_change_con_link_key_compl_ep ep;
722 struct hci_link *link;
/*
 * NOTE(review): length is asserted, not checked at run time. A short
 * event should be dropped before the copy.
 */
725 KKASSERT(m->m_pkthdr.len >= sizeof(ep));
726 m_copydata(m, 0, sizeof(ep), (caddr_t)&ep);
727 m_adj(m, sizeof(ep));
/* Host byte order, then HCI_CON_HANDLE() to extract the handle value. */
729 ep.con_handle = HCI_CON_HANDLE(letoh16(ep.con_handle));
731 DPRINTFN(1, "handle #%d, status=0x%x\n", ep.con_handle, ep.status);
/* Unknown handles and non-ACL links are filtered here (the early return is not part of this listing). */
733 link = hci_link_lookup_handle(unit, ep.con_handle);
734 if (link == NULL || link->hl_type != HCI_LINK_ACL)
/* The request flag is cleared whatever the status, so a failed key change is not retried from here. */
737 link->hl_flags &= ~HCI_LINK_SECURE_REQ;
/* AUTH and SECURE are set only when the controller reports status 0. */
739 if (ep.status == 0) {
740 link->hl_flags |= (HCI_LINK_AUTH | HCI_LINK_SECURE);
742 if (link->hl_state == HCI_LINK_WAIT_SECURE)
743 link->hl_state = HCI_LINK_OPEN;
/* hci_acl_linkmode() is reached only when hci_acl_setmode() does not report EINPROGRESS. */
745 err = hci_acl_setmode(link);
746 if (err == EINPROGRESS)
750 hci_acl_linkmode(link);
754 * process results of read_bdaddr command_complete event
/*
 * Post-process Read_BD_ADDR return parameters: store the controller's
 * address in the unit while initialisation is still waiting for it.
 */
757 hci_cmd_read_bdaddr(struct hci_unit *unit, struct mbuf *m)
759 hci_read_bdaddr_rp rp;
/*
 * NOTE(review): length is asserted, not checked at run time. Short
 * return parameters should be dropped before the copy.
 */
761 KKASSERT(m->m_pkthdr.len >= sizeof(rp));
762 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
763 m_adj(m, sizeof(rp));
/*
 * Act only while BTF_INIT_BDADDR is pending (the early return is not
 * part of this listing). The flag is cleared once the address is
 * stored, so a later completion of the same command does not overwrite
 * it.
 */
768 if ((unit->hci_flags & BTF_INIT_BDADDR) == 0)
771 bdaddr_copy(&unit->hci_bdaddr, &rp.bdaddr);
774 unit->hci_flags &= ~BTF_INIT_BDADDR;
781 * process results of read_buffer_size command_complete event
/*
 * Post-process Read_Buffer_Size return parameters: record the
 * controller's ACL/SCO packet sizes and buffer counts in the unit while
 * initialisation is still waiting for them.
 */
784 hci_cmd_read_buffer_size(struct hci_unit *unit, struct mbuf *m)
786 hci_read_buffer_size_rp rp;
/*
 * NOTE(review): length is asserted, not checked at run time. Short
 * return parameters should be dropped before the copy.
 */
788 KKASSERT(m->m_pkthdr.len >= sizeof(rp));
789 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
790 m_adj(m, sizeof(rp));
/* Act only while BTF_INIT_BUFFER_SIZE is pending (the early return is not part of this listing). */
795 if ((unit->hci_flags & BTF_INIT_BUFFER_SIZE) == 0)
/*
 * The values are stored exactly as reported. max_sco_size is not
 * byte-swapped, presumably because it is a single-byte field.
 * NOTE(review): no lower bound is applied here; confirm that users of
 * these sizes and counts tolerate a controller reporting 0.
 */
798 unit->hci_max_acl_size = letoh16(rp.max_acl_size);
799 unit->hci_num_acl_pkts = letoh16(rp.num_acl_pkts);
800 unit->hci_max_sco_size = rp.max_sco_size;
801 unit->hci_num_sco_pkts = letoh16(rp.num_sco_pkts);
804 unit->hci_flags &= ~BTF_INIT_BUFFER_SIZE;
811 * process results of read_local_features command_complete event
/*
 * Post-process Read_Local_Supported_Features return parameters: derive
 * the unit's link policy mask and its ACL and SCO packet type masks
 * from the controller's LMP feature bits while initialisation is still
 * waiting for them.
 */
814 hci_cmd_read_local_features(struct hci_unit *unit, struct mbuf *m)
816 hci_read_local_features_rp rp;
/*
 * NOTE(review): length is asserted, not checked at run time. Short
 * return parameters should be dropped before the copy.
 */
818 KKASSERT(m->m_pkthdr.len >= sizeof(rp));
819 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
820 m_adj(m, sizeof(rp));
/* Act only while BTF_INIT_FEATURES is pending (the early return is not part of this listing). */
825 if ((unit->hci_flags & BTF_INIT_FEATURES) == 0)
/* Link policy bits the controller can support, rebuilt from scratch. */
828 unit->hci_lmp_mask = 0;
830 if (rp.features[0] & HCI_LMP_ROLE_SWITCH)
831 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_ROLE_SWITCH;
833 if (rp.features[0] & HCI_LMP_HOLD_MODE)
834 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_HOLD_MODE;
836 if (rp.features[0] & HCI_LMP_SNIFF_MODE)
837 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_SNIFF_MODE;
839 if (rp.features[1] & HCI_LMP_PARK_MODE)
840 unit->hci_lmp_mask |= HCI_LINK_POLICY_ENABLE_PARK_MODE;
842 /* ACL packet mask */
843 unit->hci_acl_mask = HCI_PKT_DM1 | HCI_PKT_DH1;
845 if (rp.features[0] & HCI_LMP_3SLOT)
846 unit->hci_acl_mask |= HCI_PKT_DM3 | HCI_PKT_DH3;
848 if (rp.features[0] & HCI_LMP_5SLOT)
849 unit->hci_acl_mask |= HCI_PKT_DM5 | HCI_PKT_DH5;
/*
 * The four EDR tests below are inverted relative to the ones above:
 * the mask bit is set when the feature is absent.
 * NOTE(review): presumably because the EDR packet-type bits mean
 * "may not be used"; confirm against the definitions in hci.h before
 * changing these conditions.
 */
851 if ((rp.features[3] & HCI_LMP_EDR_ACL_2MBPS) == 0)
852 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH1
856 if ((rp.features[3] & HCI_LMP_EDR_ACL_3MBPS) == 0)
857 unit->hci_acl_mask |= HCI_PKT_3MBPS_DH1
861 if ((rp.features[4] & HCI_LMP_3SLOT_EDR_ACL) == 0)
862 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH3
865 if ((rp.features[5] & HCI_LMP_5SLOT_EDR_ACL) == 0)
866 unit->hci_acl_mask |= HCI_PKT_2MBPS_DH5
/* The unit's current packet type starts out as the full ACL mask. */
869 unit->hci_packet_type = unit->hci_acl_mask;
871 /* SCO packet mask */
872 unit->hci_sco_mask = 0;
873 if (rp.features[1] & HCI_LMP_SCO_LINK)
874 unit->hci_sco_mask |= HCI_PKT_HV1;
876 if (rp.features[1] & HCI_LMP_HV2_PKT)
877 unit->hci_sco_mask |= HCI_PKT_HV2;
879 if (rp.features[1] & HCI_LMP_HV3_PKT)
880 unit->hci_sco_mask |= HCI_PKT_HV3;
882 if (rp.features[3] & HCI_LMP_EV3_PKT)
883 unit->hci_sco_mask |= HCI_PKT_EV3;
885 if (rp.features[4] & HCI_LMP_EV4_PKT)
886 unit->hci_sco_mask |= HCI_PKT_EV4;
888 if (rp.features[4] & HCI_LMP_EV5_PKT)
889 unit->hci_sco_mask |= HCI_PKT_EV5;
891 /* XXX what do 2MBPS/3MBPS/3SLOT eSCO mean? */
894 unit->hci_flags &= ~BTF_INIT_FEATURES;
899 DPRINTFN(1, "%s: lmp_mask %4.4x, acl_mask %4.4x, sco_mask %4.4x\n",
900 unit->hci_devname, unit->hci_lmp_mask,
901 unit->hci_acl_mask, unit->hci_sco_mask);
905 * process results of reset command_complete event
907 * This has killed all the connections, so close down anything we have left,
908 * and reinitialise the unit.
/*
 * Post-process Reset return parameters: free every link on the unit,
 * zero the ACL/SCO buffer counters, and re-issue the Read_BD_ADDR,
 * Read_Buffer_Size and Read_Local_Supported_Features commands that
 * initialise the unit.
 */
911 hci_cmd_reset(struct hci_unit *unit, struct mbuf *m)
914 struct hci_link *link, *next;
/*
 * NOTE(review): length is asserted, not checked at run time. Short
 * return parameters should be dropped before the copy.
 */
917 KKASSERT(m->m_pkthdr.len >= sizeof(rp));
918 m_copydata(m, 0, sizeof(rp), (caddr_t)&rp);
919 m_adj(m, sizeof(rp));
925 * release SCO links first, since they may be holding
926 * an ACL link reference.
/*
 * Two passes over the link list: with acl == 0 only non-ACL links are
 * freed, with acl == 1 everything that is left. next is fetched before
 * hci_link_free() so the walk does not touch a freed link.
 */
928 for (acl = 0 ; acl < 2 ; acl++) {
929 next = TAILQ_FIRST(&unit->hci_links);
930 while ((link = next) != NULL) {
931 next = TAILQ_NEXT(link, hl_next);
932 if (acl || link->hl_type != HCI_LINK_ACL)
933 hci_link_free(link, ECONNABORTED);
/* No buffers are considered available until Read_Buffer_Size completes again. */
937 unit->hci_num_acl_pkts = 0;
938 unit->hci_num_sco_pkts = 0;
/*
 * Re-run the initialisation reads. A non-zero return from
 * hci_send_cmd() is treated as failure; what happens then is not part
 * of this listing.
 */
940 if (hci_send_cmd(unit, HCI_CMD_READ_BDADDR, NULL, 0))
943 if (hci_send_cmd(unit, HCI_CMD_READ_BUFFER_SIZE, NULL, 0))
946 if (hci_send_cmd(unit, HCI_CMD_READ_LOCAL_FEATURES, NULL, 0))